You may be tempted to keep various versions of Java running on your systems, but doing so leaves you exposed to security threats

InfoWorld|Nov 15, 2011

There's no denying the popularity of Java, as evidenced by its ubiquity on home and work systems worldwide. But it's easy for computers -- both in homes and at organizations -- to have multiple versions of Java installed, thus exposing those systems to security exploits. IT admins need to do a better job of closing those holes. One critical step, which I've recommended for years, is for admins and users to update to the most recent version of Java (applications permitting) and to remove all other existing versions.

Three factors contribute to Java's unenviable "use with caution" status: First, Java is cross-platform. Almost every computer, regardless of OS, runs it. That makes it a juicy target for hackers. Second, many computers contain multiple versions, usually unbeknownst to the user. Third, at least one of those versions is unpatched. Java links can contain software that easily check for which versions a client browser is running; within a few seconds, a malicious program can hone in on an old, unpatched version.

Removing all old versions of Java and running only the latest, patched versions is easier said than done. For one, new Java installs don't necessarily uninstall the older versions automatically. That's because some Java applications require specific versions in order to run. I've had clients with 5 to 10 different versions of Java installed, and they were scared to remove a single version for fear of breaking something.